Compliance / Certifications

GxP Cloud

Organizations can use Odyssey Validation Consultants’ (OVC) GxP Cloud for applications that have requirements under Good, Clinical Laboratory and Manufacturing Practices. The OVC GxP Cloud delivers fully compliant cloud services to regulated companies in the life sciences sector and in the connected health / IoT space, ensuring data integrity in an audit ready environment. OVC has worked closely with international regulatory authorities to develop its GxP cloud offering to ensure it meets and exceeds the requirements.

OVC partners with companies to achieve regulatory compliance in a cost effective and efficient manner providing a platform for continuous improvement, and works with organizations worldwide to establish and maintain best in class GxP Computerized Systems providing project management, validation and auditing services necessary to support regulated business processes.

Cloud Hosting Datacenters:

Adding cloud services to your portfolio is the right decision for many reasons including; but not limited to:

CAPex costs eliminated

Offload hardware lifecycle management OPex costs and challenges

Software licensing costs greatly reduced or eliminated

24x7x365 infrastructure monitoring – enhanced availability

While all of the reasons for moving to the cloud are very compelling there’s no getting around the fact that your reputation as a reliable technology services provider could be tarnished if your clients experience downtime caused by issues with the cloud server hosting facility.

We understand that your reputation is at risk, just as is ours. This is why Xterity’s Cloud Services are built on enterprise-class infrastructure and hosted in world-class datacenters from industry leaders such as Equinix and others. The combination of enterprise-class infrastructure and world-class datacenters enables us to confidently stand behind our service level agreement of 99.99% uptime.

Our cloud infrastructure is hosted in highly reliable and secure global datacenters which are continuously audited for compliance to the strictest standards including:

ISO 27001

ISO 9001

SSAE16 SOC-1 Type II

SSAE16 SOC-2 Type II

Detailed site specific certification information is available on request.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to establish national standards to protect individuals’ medical records and other personal health information. The HIPAA Privacy Rule was passed in 2002 to provide safeguarding specifications to protect the privacy of personal health information. The rule regulates the use and disclosure of protected health information (PHI). In addition, the HIPAA Security Rule requires covered entities to secure electronic protected health information (ePHI) through implementation of administrative, technical, and physical security controls.

Since the Privacy Rule compliance date (April 2003) the US Dept. of Health and Human Services – Office for Civil Rights (OCR) has received over 130,000 HIPAA complaints and has resolved 96% of the cases. Non-compliance can be a very costly mistake. As of April 21, 2016 the OCR reports settling 33 non-compliant cases resulting in over $33M in penalties.

While Egenera cannot make your business (or your clients) HIPAA compliant we can help you be HIPAA compliant. If you are faced with a HIPAA audit we can help you meet your requirements by:

Entering into Business Associate Agreements (BAA)

Maintaining adherence to ISO 27001 best practices that HIPAA is based on

Assisting with the cloud operational aspects of an audit should it occur

Egenera constantly evaluates all security and privacy capabilities for our cloud operations and recently completed updates to maintain our compliance with industry and governmental regulations such as HIPAA, SSAE16 and ISO27001 to make your compliance responsibilities as painless as possible.

GDRP / CISPE

Billed as the “most important change in data privacy regulation in 20 years,” the European Union (EU) General Data Protection Regulation (GDPR) was approved by the EU Parliament on April 14, 2016 with enforcement commencing on May 25,2018.

To provide our partners and their customers regulatory peace-of-mind, Egenera has joined the Cloud Infrastructure Services Providers Europe (CISPE) organization as a member and we’ve proactively taken the steps to ensure our Xterity Cloud Services comply with the CISPE Code of Conduct for Data Protection.

The CISPE Code of Conduct provides guidance to customers in assessing whether cloud infrastructure services are suitable for the data processing activities that the customer wishes to perform. Egenera’s declaration of adherence to the Code instils trust and confidence for customers that:
• Customers can use Xterity Cloud Services to process personal data in ways that comply with applicable EU data protection law and;
• Xterity Cloud Services have met the CISPE Code of Conduct requirements

With cloud instances located on five continents we strive to stay ahead of regulatory requirements so that our partners, and their customers don’t have to worry if the infrastructure they rely on is compliant. With respect to CISPE; while data governance in the cloud is a shared responsibility our partners and their customers have peace-of-mind knowing that we’re performing the role of “data processor” in a CISPE compliant manner. One critical point that some businesses may not be aware of is that the GDPR also encompasses the export of personal data outside the EU